Functional Test Guide for the DNS Service (dnsmasq) on ZTE Microelectronics-Based ONUs

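Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot.
It is designed to be lightweight with a small footprint, suitable for resource-constrained routers and firewalls.
It is also widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualization frameworks.
Supported platforms include Linux, Android, *BSD and Mac OS X.
Dnsmasq is included in most Linux distributions and in the ports systems of FreeBSD, OpenBSD and NetBSD.
Dnsmasq provides full IPv6 support.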

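In the test environment, api.xlxh.net must be associated with the test server whose IP is 1.2.2.6.
Our current solution is:
record the corresponding domain-to-IP mapping in the local machine's /etc/hosts file.
When the local machine tries to resolve a domain name, it first looks up the IP for that domain in /etc/hosts and accesses the server at that IP.
Only when /etc/hosts has no record for the domain does the local machine go to the DNS server for resolution.
Domain name resolution priority on the local machine:
DNS cache > /etc/hosts > DNS service.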
1. Configure the local DNS Service on the ONU web page
2. How to verify that the DNS Service function has taken effect

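  1. Connect a PC directly to the device under test and access the corresponding domain name (or the host name set on the page). Using the Wireshark packet capture tool, check whether the IP address returned for the domain matches the IP address configured for it (the /etc/hosts file).
  2. Resolve the name with a DNS client command: run nslookup <domain> and check whether the resolved IP address matches the configured IP.
    nslookup api.xlxh.net
    Telnet to the ONU command line and resolve the name with the nslookup command there.
  3. Use the host command to view the IP address for the domain:
    host api.xlxh.net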
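
The check in step 2 can be scripted. The following is an added example, not part of the original post: it reads nslookup output and passes only if every answer equals the configured IP. The function names, the 192.0.2.10 wrong answer and both sample outputs are constructed for illustration.

```shell
# Added example. Sample outputs below are constructed, not captured.

# Print the answer addresses found in nslookup output read from stdin.
# "Address" lines before the first "Name:" line belong to the DNS server
# that was queried, not to the answer, so they are skipped.
nslookup_answers() {
    awk '
        /^Name:/ { in_answer = 1; next }
        in_answer && /^Address/ {
            sub(/^Address[^:]*:[ \t]*/, "")  # strip "Address:" or "Address 1:"
            sub(/#.*/, "")                   # strip a "#53" port suffix
            print $1                         # ignore a trailing host name
        }'
}

# check_mapping EXPECTED_IP   (nslookup output on stdin)
# Returns 0 only if there is at least one answer and all answers match.
check_mapping() {
    answers=$(nslookup_answers)
    [ -n "$answers" ] || { echo "FAIL: no answer in output"; return 1; }
    for ip in $answers; do
        [ "$ip" = "$1" ] || { echo "FAIL: got $ip, expected $1"; return 1; }
    done
    echo "PASS: resolves to $1"
}

# Constructed output in the bind-utils layout (server 192.168.1.98).
check_mapping 1.2.2.6 <<'EOF'
Server:         192.168.1.98
Address:        192.168.1.98#53

Name:   api.xlxh.net
Address: 1.2.2.6
EOF

# Constructed output in the "Address 1:" layout of BusyBox nslookup,
# carrying a wrong answer.
check_mapping 1.2.2.6 <<'EOF' || true
Server:    192.168.1.1
Address 1: 192.168.1.1

Name:      api.xlxh.net
Address 1: 192.0.2.10
EOF
```

Against a live resolver, pipe the command from step 2 into the check, for example nslookup api.xlxh.net 192.168.1.98 | check_mapping 1.2.2.6.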

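3. Installing and configuring the DNS server on Linux

3.1 Install Dnsmasq
The test server runs Ubuntu, so downloading and installing Dnsmasq with the built-in package manager is the simplest approach.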
sudo apt-get install dnsmasq

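3.2 Configure Dnsmasq
All Dnsmasq configuration is done in the /etc/dnsmasq.conf file; the following simple changes were made as needed.
# First configure resolv-file; this parameter tells dnsmasq to look for upstream DNS servers in the specified file

resolv-file=/etc/resolv.dnsmasq.conf
# Setting only 127.0.0.1 means only the local machine can use it; setting only the machine's IP means the whole internal network can use it but the local machine cannot; both must be set here
listen-address=127.0.0.1,192.168.1.98
# dnsmasq cache settings
cache-size=1024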

Then, in line with the resolv-file=/etc/resolv.dnsmasq.conf setting above, configure the /etc/resolv.dnsmasq.conf file to specify the upstream DNS server
nameserver 114.114.114.114

3.3 After configuring Dnsmasq as above and starting it, you will find that Dnsmasq cannot resolve domain names properly.
Running ps -ef | grep dnsmasq shows the following:
dnsmasq 10384 1 0 15:16 ? 00:00:00 /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u
dnsmasq -r /var/run/dnsmasq/resolv.conf -7

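The -r /var/run/dnsmasq/resolv.conf part shows that Dnsmasq obtains its upstream DNS servers from the /var/run/dnsmasq/resolv.conf file,
rather than from the resolv-file=/etc/resolv.dnsmasq.conf we specified.
After going through countless documents, I found that /etc/default/dnsmasq contains an IGNORE_RESOLVCONF setting, described as follows: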

# If the resolvconf package is installed, dnsmasq will use its output
# rather than the contents of /etc/resolv.conf to find upstream
# nameservers. Uncommenting this line inhibits this behaviour.
# Note that including a "resolv-file=<filename>" line in
# /etc/dnsmasq.conf is not enough to override resolvconf if it is
# installed: the line below must be uncommented.
# IGNORE_RESOLVCONF=yes

The comment marker in front of IGNORE_RESOLVCONF=yes must be removed here for resolv-file=/etc/resolv.dnsmasq.conf to take effect.
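
The mismatch described in 3.3 can be checked mechanically. The following is an added example, not part of the original post: it compares the resolv-file= line in dnsmasq.conf with the -r argument of the running process and reports whether IGNORE_RESOLVCONF=yes is active. The function names are hypothetical and the demo files are constructed.

```shell
# Added example: spot the state from section 3.3, where dnsmasq runs with a
# -r file that differs from the resolv-file= set in dnsmasq.conf.

# Value of the last uncommented resolv-file= line in a dnsmasq.conf.
configured_resolv_file() {
    sed -n 's/^[[:space:]]*resolv-file=\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# Argument of the last -r option in a dnsmasq command line (text from ps).
running_resolv_file() {
    printf '%s\n' "$1" |
        sed -n 's/.*[[:space:]]-r[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p'
}

# True if the defaults file has an uncommented IGNORE_RESOLVCONF=yes.
ignore_resolvconf_enabled() {
    grep -Eq '^[[:space:]]*IGNORE_RESOLVCONF=yes[[:space:]]*$' "$1"
}

# check_resolv_override DNSMASQ_CONF DEFAULTS_FILE "CMDLINE"
# Returns 0 if consistent, 1 on a differing -r file, 2 if resolv-file is unset.
check_resolv_override() {
    want=$(configured_resolv_file "$1")
    have=$(running_resolv_file "$3")
    [ -n "$want" ] || { echo "no resolv-file= line in $1"; return 2; }
    if [ -z "$have" ] || [ "$have" = "$want" ]; then
        echo "OK: upstream servers come from $want"; return 0
    fi
    if ignore_resolvconf_enabled "$2"; then
        echo "MISMATCH: running with -r $have; restart dnsmasq and check again"
    else
        echo "MISMATCH: running with -r $have; uncomment IGNORE_RESOLVCONF=yes in $2"
    fi
    return 1
}

# Demo on constructed files that reproduce the state described in 3.3.
d=$(mktemp -d)
echo 'resolv-file=/etc/resolv.dnsmasq.conf' > "$d/dnsmasq.conf"
echo '# IGNORE_RESOLVCONF=yes' > "$d/default"
check_resolv_override "$d/dnsmasq.conf" "$d/default" \
    "/usr/sbin/dnsmasq -u dnsmasq -r /var/run/dnsmasq/resolv.conf" || true
rm -rf "$d"
```

On the test server the three arguments would be /etc/dnsmasq.conf, /etc/default/dnsmasq and the dnsmasq command line taken from the ps output.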
3.4 Start Dnsmasq
sudo service dnsmasq start

3.5 Configure the ONU or router to point its DNS service at the local DNS server
------- See steps 1 and 2 above
3.6 Check the port and process
1) Check the process
ps -ef |grep dnsmasq
2) Check the listening port
netstat -tupnl |grep dnsmasq

4. dnsmasq command-line options explained
The following command is analysed:

 dnsmasq -r /var/default_resolv.conf -M 0 -T 6 -P 0 -U 0 -
 -r:
 -r, --resolv-file=<file>
Read the IP addresses of the upstream nameservers from <file>, instead of /etc/resolv.conf. For the format of this file see resolv.conf(5). The only lines relevant to dnsmasq are nameserver ones. Dnsmasq can be told to poll more than one resolv.conf file, the first file name specified overrides the default, subsequent ones add to the list. This is only allowed when polling; the file with the currently latest modification time is the one used.
 -M 0:
 -M, --dhcp-boot=[tag:<tag>,]<filename>,[<servername>[,<server address>|<tftp_servername>]]
(IPv4 only) Set BOOTP options to be returned by the DHCP server. Server name and address are optional: if not provided, the name is left empty, and the address set to the address of the machine running dnsmasq. If dnsmasq is providing a TFTP service (see --enable-tftp ) then only the filename is required here to enable network booting. If the optional tag(s) are given, they must match for this configuration to be sent. Instead of an IP address, the TFTP server address can be given as a domain name which is looked up in /etc/hosts. This name can be associated in /etc/hosts with multiple IP addresses, which are used round-robin. This facility can be used to load balance the tftp load among a set of servers.
 -T 6:
 -T, --local-ttl=<time>
When replying with information from /etc/hosts or configuration or the DHCP leases file dnsmasq by default sets the time-to-live field to zero, meaning that the requester should not itself cache the information. This is the correct thing to do in almost all situations. This option allows a time-to-live (in seconds) to be given for these replies. This will reduce the load on the server at the expense of clients using stale data under some circumstances.
 -P 0:
 -P, --edns-packet-max=<size>
Specify the largest EDNS.0 UDP packet which is supported by the DNS forwarder. Defaults to 4096, which is the RFC5625-recommended size.
 -U 0:
-U, --dhcp-vendorclass=set:<tag>,[enterprise:<IANA-enterprise number>,]<vendor-class>
Map from a vendor-class string to a tag. Most DHCP clients provide a "vendor class" which represents, in some sense, the type of host. This option maps vendor classes to tags, so that DHCP options may be selectively delivered to different classes of hosts. For example --dhcp-vendorclass=set:printers,Hewlett-Packard JetDirect will allow options to be set only for HP printers like so: --dhcp-option=tag:printers,3,192.168.4.4 The vendor-class string is substring matched against the vendor-class supplied by the client, to allow fuzzy matching. The set: prefix is optional but allowed for consistency.
Note that in IPv6 only, vendorclasses are namespaced with an IANA-allocated enterprise number. This is given with enterprise: keyword and specifies that only vendorclasses matching the specified number should be searched.
-x:
-x, --pid-file=<path>
Specify an alternate path for dnsmasq to record its process-id in. Normally /var/run/dnsmasq.pid.

For the full list of options, see: http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html#lbAE